Summary
In src_c/render.c, the texture_init function parses the renderer argument using the generic O format specifier in PyArg_ParseTupleAndKeywords, but then immediately casts and dereferences it as a pgRendererObject * without any type validation. Passing a non-Renderer Python object will cause invalid memory access / a crash.
Suggested Fix
Use the O! format specifier with &pgRenderer_Type to enforce the type at parse time:
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OO|ippp", keywords,
- &renderer, &sizeobj, &depth, &staticc,
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "O!O|ippp", keywords,
+ &pgRenderer_Type, &renderer, &sizeobj,
+ &depth, &staticc,
&streaming, &target)) {
return -1;
}
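Review bot: the `&pgRenderer_Type, &renderer` pair is the only place the type is enforced, and the declaration of `renderer` is not visible in this hunk; O! stores through a `PyObject **`, so if `renderer` is declared as `pgRendererObject *` the address needs a matching cast or a `PyObject *` temporary to avoid an incompatible-pointer warning. O! also accepts subclasses of `pgRenderer_Type`, which keeps the later cast to `pgRendererObject *` valid. Please add a regression test that constructing a Texture with a non-Renderer first argument (for example `None` or an `int`) raises `TypeError` rather than crashing.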
References
Remove scale_quality parameter of _render.Texture #3741 (comment) — deferred as out of scope for that PR.